1apiVersion: v1
2kind: ServiceAccount
3metadata:
4 name: hello-account
5 namespace: hello
6---
7apiVersion: rbac.authorization.k8s.io/v1
8kind: ClusterRole
9metadata:
10 name: hello-role
11rules:
12 - apiGroups: [""]
13 resources: [persistentvolumes]
14 verbs: [get, list, watch, patch]
15 - apiGroups: [""]
16 resources: [persistentvolumeclaims]
17 verbs: [get, list, watch, patch, create, delete]
18 - apiGroups: [""]
19 resources: [pods]
20 verbs: [get, list, watch, create, delete]
21 - apiGroups: [storage.k8s.io]
22 resources: [storageclasses]
23 verbs: [get, list, watch]
24
25 - apiGroups: [hello.example.com]
26 resources: [hellos]
27 verbs: [get, list, watch]
28---
29apiVersion: rbac.authorization.k8s.io/v1
30kind: ClusterRoleBinding
31metadata:
32 name: hello-binding
33subjects:
34 - kind: ServiceAccount
35 name: hello-account
36 namespace: hello
37roleRef:
38 kind: ClusterRole
39 name: hello-role
40 apiGroup: rbac.authorization.k8s.io
41---
42apiVersion: apps/v1
43kind: Deployment
44metadata:
45 name: hello-populator
46 namespace: hello
47spec:
48 selector:
49 matchLabels:
50 app: hello
51 template:
52 metadata:
53 labels:
54 app: hello
55 spec:
56 serviceAccount: hello-account
57 containers:
58 - name: hello
59 image: registry.k8s.io/sig-storage/hello-populator:v1.0.1
60 imagePullPolicy: IfNotPresent
61 args:
62 - --mode=controller
63 - --image-name=registry.k8s.io/sig-storage/hello-populator:v1.0.1
64 - --http-endpoint=:8080
65 ports:
66 - containerPort: 8080
67 name: http-endpoint
68 protocol: TCP
View as plain text